US2008107275A1PendingUtilityA1

Method and system for encryption of information stored in an external nonvolatile memory

Assignee: ASNAASHARI MEHDIPriority: Nov 8, 2006Filed: Nov 8, 2006Published: May 8, 2008
Est. expiryNov 8, 2026(~0.3 yrs left)· nominal 20-yr term from priority
G06F 15/16G06F 21/00H04L 9/14G06F 21/80G06F 21/79
46
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A nonvolatile storage system is described that includes a controller for transferring information between a host and nonvolatile memory. The controller includes an encryption/decryption engine for transferring information to and from a nonvolatile memory device, located externally to the controller, using a first key to encrypt information being stored into the nonvolatile memory device prior to storage thereof and further using the first key to decrypt the stored encrypted information after retrieval of thereof. Alternatively, a second key is used in conjunction with the first key to add further security to the information stored within the nonvolatile memory.

Claims

exact text as granted — not AI-modified
1 . A controller employed in a nonvolatile storage system for transferring information between a host and nonvolatile memory comprising:
 an encryption/decryption engine for transferring information to and from the nonvolatile memory, located externally to the controller, wherein the engine uses a key to encrypt information to be stored into the nonvolatile memory device prior to storage therein and uses the key to decrypt encrypted information after retrieval from the nonvolatile memory.   
   
   
       2 . A controller, as recited in  claim 1 , wherein the key is a master key. 
   
   
       3 . A controller, as recited in  claim 2 , wherein an encrypted data key is stored, by the engine, into a predetermined location within the nonvolatile memory, the encrypted data key having been generated by the engine using the master key, the stored encrypted data key is retrieved from the predetermined location and decrypted by the engine using the master key and being used to decrypt information retrieved from the nonvolatile memory located in other than the predetermined location. 
   
   
       4 . A controller, as recited in  claim 3 , further including a multiplexer adapted to selectively provide the master key and the data key to the engine. 
   
   
       5 . A controller, as recited in  claim 3 , wherein the predetermined location is a private area for storing information other than data intended to be stored by a user of the system. 
   
   
       6 . A controller, as recited in  claim 5 , wherein more than one private area are designated. 
   
   
       7 . A controller, as recited in  claim 6 , wherein each of the private areas includes an encrypted data key unique thereto. 
   
   
       8 . A controller, as recited in  claim 7 , further including a random number generator for generating a data key that is the unencrypted version of the encrypted data key. 
   
   
       9 . A controller, as recited in  claim 3 , further including a random number generator for generating a random number adapted to be received by the engine for generating the encrypted data key. 
   
   
       10 . A controller, as recited in  claim 2 , further including a random number generator for generating the master key. 
   
   
       11 . A controller, as recited in  claim 10 , further including an encoder/decoder key storage device for storing the data key. 
   
   
       12 . A controller, as recited in  claim 11 , further including a nonvolatile memory for storing a unique random number generated by the random number generator. 
   
   
       13 . A controller, as recited in  claim 1 , further including an encoder/decoder key storage device for storing the master key. 
   
   
       14 . A nonvolatile memory system comprising:
 nonvolatile memory;   a controller coupled between a host and the nonvolatile memory for transferring information therebetween and being located externally to the nonvolatile memory, the controller including an encryption/decryption engine for transferring information, in cipher text, to the nonvolatile memory using a key to encrypt information being stored into the nonvolatile memory by generating the cipher text prior to storage and using providing plain text by using the key to decrypt the stored cipher text after retrieval of the stored information.   
   
   
       15 . A nonvolatile memory system, as recited in  claim 14 , wherein the key is a master key. 
   
   
       16 . A nonvolatile memory system, as recited in  claim 14 , wherein an encrypted data key is retrieved from a private area designated within the nonvolatile memory, the data key being decrypted by the engine and being used to decrypt information retrieved from the nonvolatile memory located other than in the private area. 
   
   
       17 . A nonvolatile memory system, as recited in  claim 14 , wherein the controller includes one-time-programmable memory, nonvolatile memory, or fuse(s) for storing the data key. 
   
   
       18 . A nonvolatile memory system, as recited in  claim 14 , wherein the controller includes one-time-programmable memory, nonvolatile memory, or fuse(s) for storing the master key. 
   
   
       19 . A nonvolatile memory system, as recited in  claim 14 , wherein the nonvolatile memory is flash memory or hard disk drive. 
   
   
       20 . A nonvolatile memory system, as recited in  claim 14 , wherein the nonvolatile memory includes nonvolatile semiconductor memory. 
   
   
       21 . A nonvolatile memory system, as recited in  claim 20 , wherein the nonvolatile semiconductor memory is one or more integrated circuits. 
   
   
       22 . A controller employed in a nonvolatile storage system for transferring information between a host and nonvolatile memory comprising:
 an encryption/decryption engine for transferring information to and from a nonvolatile memory device, located externally to the controller, the engine for receiving plain text and using a key to generate a cipher text version of the received plain text for storage thereof into the nonvolatile memory device and upon retrieval of information, using the key to decrypt the cipher text to re-generate the plain text.   
   
   
       23 . A controller, as recited in  claim 22 , wherein the key is a master key. 
   
   
       24 . A controller, as recited in  claim 22 , wherein an encrypted data key is retrieved from a private area designated within the nonvolatile memory, the data key being decrypted by the engine and being used to decrypt information retrieved from the nonvolatile memory located other than in the private area. 
   
   
       25 . A method of securely storing and accessing information to and from nonvolatile memory comprising:
 receiving plain text;   encrypting plain text with a first key to generate cipher text;   storing the cipher text in nonvolatile memory located externally to where the cipher text is generated;   retrieving the stored cipher text; and   decrypting the retrieved cipher text using the first key.   
   
   
       26 . A method of securely storing and accessing information, as recited in  claim 25 , further including the steps of:
 storing an encrypted version of a second key into a predetermined area within the nonvolatile memory;   retrieving the encrypted second key;   using the master key to decrypt the second key; and   retrieving information from an area, other than the predetermined area, of the nonvolatile memory using the second key.   
   
   
       27 . A method of manufacturing a controller comprising:
 generating a master key unique to a controller being manufactured;   storing the generated master key in the controller;   encrypting information being stored, prior to storage, using the stored master key, the encrypted information being indecipherable by any known techniques;   storing the encrypted information;   reading the stored encrypted information; and   decrypting the stored encrypted information being read, using the stored master key.   
   
   
       28 . A method of manufacturing a controller, as recited in  claim 27 , wherein performing the generation step in real-time. 
   
   
       29 . A method of manufacturing a controller, as recited in  claim 27 , wherein performing the encryption step using AES. 
   
   
       30 . A controller testing apparatus for testing a controller comprising:
 a random number generator for generating a master key t unique to a portable removable consumer device; and   encryption/decryption engine for encrypting information being stored, prior to storage, using the master key and for decrypting encrypt information using the master key, the encrypted information being indecipherable by any known techniques.   
   
   
       31 . A nonvolatile storage system for transferring information between a host and nonvolatile memory comprising:
 nonvolatile memory;   communication link coupled to the nonvolatile memory; and   controller coupled to the nonvolatile memory, through the communication link, and packaged in the same unit as the nonvolatile memory and including an encryption/decryption engine for transferring information to and from the nonvolatile memory, located externally to the controller, wherein the engine uses a key to encrypt information to be stored into the nonvolatile memory device prior to storage therein and uses the key to decrypt encrypted information after retrieval from the nonvolatile memory.   
   
   
       32 . A portable removable consumer device for transferring information between a host and nonvolatile memory comprising:
 nonvolatile memory;   communication link coupled to the nonvolatile memory; and   controller coupled to the nonvolatile memory, through the communication link, and located externally to the nonvolatile memory and including an encryption/decryption engine for transferring information to and from the nonvolatile memory, the engine selectively receiving a key and using the same to encrypt information to be stored into the nonvolatile memory device prior to storage therein and using the key to decrypt encrypted information after retrieval from the nonvolatile memory.   
   
   
       33 . A portable removable consumer device, as recited in  claim 32 , wherein the controller further includes a random number generator for generating a master key unique to the device and generated only once. 
   
   
       34 . A portable removable consumer device, as recited in  claim 32 , wherein the random number generator is used to generate a second key, selectively employed by the engine to encrypt and decrypt information to and from the nonvolatile memory. 
   
   
       35 . A portable removable consumer device, as recited in  claim 34 , wherein the engine for encrypting the second key to generate and store a cipher data key in a designated area of the nonvolatile memory. 
   
   
       36 . A portable removable consumer device, as recited in  claim 35 , wherein the designated area is used to store information other than that intended to be stored by a user of the device. 
   
   
       37 . A portable removable consumer device, as recited in  claim 35 , further including a key storage device coupled to the engine for storing the key.

Join the waitlist — get patent alerts

Track US2008107275A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.